ChromeOS is super-limited, designed primarily to just let you run Chrome.

It’s not general purpose. There’s no support for running other applications (apart from widgets that let you diddle OS parameters like joining WiFi networks etc). There’s no local file storage. There’s no way to hand off to other executions because there’s nothing else to execute.

Windows is… not that. It’s designed to allow any user to run any application that they want any time they want it, whether it’s good for them or not. You can write it yourself, you can download it from the Internet, you can buy it shrinkwrapped in a store, the OS doesn’t care. If it’s got the right bytecode, it’ll run.

And handoffs between applications are trivial. So I can have bad actor code in JavaScript on a web page make a call to download then run bad actor code, with elevated privilege, so all bets on “secure” are off.

Thankfully, there are ways to tighten down the controls on that to prevent users from screwing themselves over too much, and in enterprise environments, there are ways to lock things down to “you can only run stuff that we say you can run”, but that’s not the default. The default is “here’s a gun, here’s some ammo, there’s your foot, good luck”.

macOS is wound a bit more tightly than that. Having roots in UNIX, the default security model is much less permissive and the OS defaults which have grown around that base over the years are pretty conservative. Yes, you can build or download and run code. But for it to do any of a wide variety of things that would compromise the security of the system, you have to give authorization – and in a very obvious “no, seriously, do you want this to happen, for reals?” kind of way.

(That’s actually how the OSX/Dok malware worked; it solicited your administrator password and exfiltrated it, showing that you can exploit that sort of thing, but differently than many had thought.)

So, if you want to browse the web and not worry about your system being infected by random malware, the safest thing to do is get a Chromebook. There’s nearly zero chance of it getting infected because the attack surface is really, really small. There’s a very low chance of targeted malware evolving because the OS design means there’s no native local data to exploit.

Your second choice: macOS. It’s much more secure from the start. The theory was that Mac users were safer because of sheer numbers: hundreds of millions of Windows systems make a more attractive target than a much smaller number of Mac users. However, since Apple owns the global market for laptops over $1000, those users are much, much more interesting from an exploit perspective, so we who use Macs have a giant, shiny target painted on us; expect exploits to arrive, in greater numbers, in the coming years.

Last choice: Windows. Way too easy to run code that you don’t really want to run, way too difficult to use if you crank it down all the way.

Final note: no matter how secure the platform is, nothing can protect you from falling for phishing attacks, choosing to enter your credentials on a bad actor operated web site, or infrastructure attacks like man-in-the-middle. You can minimize the collateral damage, but it’s still dangerous out there, people. Be careful.

This question originally appeared on Quora.